AWS::RDS::DBSecurityGroup
The AWS::RDS::DBSecurityGroup resource creates or updates an Amazon RDS DB security group.
Note
EC2-Classic was retired on August 15, 2022. If you haven't migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible. For more information, see Migrate from EC2-Classic to a VPC in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring – Here’s How to Prepare
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::RDS::DBSecurityGroup",
  "Properties" : {
    "DBSecurityGroupIngress" : [ Ingress, ... ],
    "EC2VpcId" : String,
    "GroupDescription" : String,
    "Tags" : [ Tag, ... ]
  }
}
YAML
Type: AWS::RDS::DBSecurityGroup
Properties:
  DBSecurityGroupIngress:
    - Ingress
  EC2VpcId: String
  GroupDescription: String
  Tags:
    - Tag
Properties
- DBSecurityGroupIngress
  Ingress rules to be applied to the DB security group.
  Required: Yes
  Type: Array of Ingress
  Update requires: No interruption
- EC2VpcId
  The identifier of an Amazon virtual private cloud (VPC). This property indicates the VPC that this DB security group belongs to.
  Important: This property is included for backwards compatibility and is no longer recommended for providing security information to an RDS DB instance.
  Required: No
  Type: String
  Update requires: Replacement
- GroupDescription
  Provides the description of the DB security group.
  Required: Yes
  Type: String
  Update requires: Replacement
- Tags
  Metadata assigned to an Amazon RDS resource consisting of a key-value pair. For more information, see Tagging Amazon RDS resources in the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS resources in the Amazon Aurora User Guide.
  Required: No
  Type: Array of Tag
  Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the DB security group.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Examples
Creating a single VPC security group
The following example creates a single VPC security group, referred to by EC2SecurityGroupName.
JSON
{
  "Resources": {
    "DBinstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBSecurityGroups": [
          { "Ref": "DbSecurityByEC2SecurityGroup" }
        ],
        "AllocatedStorage": "5",
        "DBInstanceClass": "db.t3.small",
        "Engine": "MySQL",
        "MasterUsername": "YourName",
        "MasterUserPassword": "YourPassword"
      },
      "DeletionPolicy": "Snapshot"
    },
    "DbSecurityByEC2SecurityGroup": {
      "Type": "AWS::RDS::DBSecurityGroup",
      "Properties": {
        "GroupDescription": "Ingress for Amazon EC2 security group",
        "DBSecurityGroupIngress": [
          {
            "EC2SecurityGroupId": "sg-b0ff1111",
            "EC2SecurityGroupOwnerId": "111122223333"
          },
          {
            "EC2SecurityGroupId": "sg-ffd722222",
            "EC2SecurityGroupOwnerId": "111122223333"
          }
        ]
      }
    }
  }
}
YAML
Resources:
  DBinstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBSecurityGroups:
        - Ref: "DbSecurityByEC2SecurityGroup"
      AllocatedStorage: "5"
      DBInstanceClass: "db.t3.small"
      Engine: "MySQL"
      MasterUsername: "YourName"
      MasterUserPassword: "YourPassword"
    DeletionPolicy: "Snapshot"
  DbSecurityByEC2SecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      GroupDescription: "Ingress for Amazon EC2 security group"
      DBSecurityGroupIngress:
        - EC2SecurityGroupId: "sg-b0ff1111"
          EC2SecurityGroupOwnerId: "111122223333"
        - EC2SecurityGroupId: "sg-ffd722222"
          EC2SecurityGroupOwnerId: "111122223333"
Multiple VPC security groups
The following example creates or updates multiple VPC security groups.
JSON
"DBSecurityGroup": {
  "Type": "AWS::RDS::DBSecurityGroup",
  "Properties": {
    "EC2VpcId" : { "Ref" : "VpcId" },
    "DBSecurityGroupIngress": [
      { "EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup" } }
    ],
    "GroupDescription": "Frontend Access"
  }
}
YAML
DBSecurityGroup:
  Type: AWS::RDS::DBSecurityGroup
  Properties:
    EC2VpcId:
      Ref: "VpcId"
    DBSecurityGroupIngress:
      - EC2SecurityGroupName:
          Ref: "WebServerSecurityGroup"
    GroupDescription: "Frontend Access"
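Auditing templates for this resource
The following is an added example, not part of the original reference or any AWS tooling: a small Python check that scans a JSON template for the patterns this page describes (the legacy resource type, EC2VpcId, DBSecurityGroups on an instance, and a literal MasterUserPassword as in the sample above). The function name audit_template, the finding strings, and the sample template are assumptions; CIDRIP comes from the Ingress property type and is not shown on this page.

```python
import json

LEGACY_TYPE = "AWS::RDS::DBSecurityGroup"

def audit_template(template_text):
    """Return (logical_id, finding) pairs for a JSON CloudFormation template."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == LEGACY_TYPE:
            findings.append((logical_id, "legacy DB security group"))
            if "EC2VpcId" in props:
                findings.append((logical_id, "EC2VpcId set (backwards compatibility only)"))
            for rule in props.get("DBSecurityGroupIngress", []):
                # CIDRIP is part of the Ingress property type, not shown on this page.
                if rule.get("CIDRIP") == "0.0.0.0/0":
                    findings.append((logical_id, "ingress open to any IPv4 address"))
        elif res.get("Type") == "AWS::RDS::DBInstance":
            if props.get("DBSecurityGroups"):
                findings.append((logical_id, "attached through DBSecurityGroups"))
            pw = props.get("MasterUserPassword")
            # A Ref (dict) or a {{resolve:...}} dynamic reference is not a literal.
            if isinstance(pw, str) and not pw.startswith("{{resolve:"):
                findings.append((logical_id, "literal MasterUserPassword"))
    return findings

# Constructed sample, modelled on the page's first example plus one CIDRIP rule.
SAMPLE = json.dumps({"Resources": {
    "DBinstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "DBSecurityGroups": [{"Ref": "DbSecurityByEC2SecurityGroup"}],
        "Engine": "MySQL", "MasterUsername": "YourName",
        "MasterUserPassword": "YourPassword"}},
    "DbSecurityByEC2SecurityGroup": {"Type": LEGACY_TYPE, "Properties": {
        "GroupDescription": "Ingress for Amazon EC2 security group",
        "DBSecurityGroupIngress": [
            {"EC2SecurityGroupId": "sg-b0ff1111", "EC2SecurityGroupOwnerId": "111122223333"},
            {"CIDRIP": "0.0.0.0/0"}]}},
}})

if __name__ == "__main__":
    for logical_id, finding in audit_template(SAMPLE):
        print(f"{logical_id}: {finding}")
```

The check reads JSON templates only; YAML templates with short-form intrinsic tags need a YAML loader that understands those tags before the same logic applies.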